Bug 17494: Prevent duplicate tokens from getting stored

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

diff --git a/Koha/Exceptions/Patron/Modification.pm b/Koha/Exceptions/Patron/Modification.pm
new file mode 100644 (file)
index 0000000..1068fbb
--- /dev/null
+++ b/Koha/Exceptions/Patron/Modification.pm
@@ -0,0 +1,12 @@
+package Koha::Exceptions::Patron::Modification;
+
+use Modern::Perl;
+
+use Exception::Class (
+    'Koha::Exceptions::Koha::Patron::Modification::DuplicateVerificationToken' => {
+        isa => 'Koha::Exceptions::Object',
+        description => "The verification token given already exists",
+    },
+);
+
+1;

diff --git a/Koha/Patron/Modification.pm b/Koha/Patron/Modification.pm
index 5407172..63f124f 100644 (file)
--- a/Koha/Patron/Modification.pm
+++ b/Koha/Patron/Modification.pm
@@ -23,6 +23,9 @@ use Carp;
 
 use Koha::Database;
 
+use Koha::Patron::Modifications;
+use Koha::Exceptions::Patron::Modification;
+
 use base qw(Koha::Object);
 
 =head1 NAME
@@ -33,6 +36,22 @@ Koha::Patron::Modification - Class represents a request to modify or create a pa
 
 =cut
 
+=head2 store
+
+=cut
+
+sub store {
+    my ($self) = @_;
+
+    if ( $self->verification_token ) {
+        if ( Koha::Patron::Modifications->search( { verification_token => $self->verification_token } )->count() ) {
+            Koha::Exceptions::Koha::Patron::Modification::DuplicateVerificationToken->throw;
+        }
+    }
+
+    return $self->SUPER::store();
+}
+
 =head2 approve
 
 $m->approve();

diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl
index 6bdd66a..e03d503 100755 (executable)
--- a/opac/opac-memberentry.pl
+++ b/opac/opac-memberentry.pl
@@ -139,6 +139,9 @@ if ( $action eq 'create' ) {
             $template->param( 'email' => $borrower{'email'} );
 
             my $verification_token = md5_hex( time().{}.rand().{}.$$ );
+            while ( Koha::Patron::Modifications->search( { verification_token => $verification_token } )->count() ) {
+                $verification_token = md5_hex( time().{}.rand().{}.$$ );
+            }
 
             $borrower{password}           = random_string("..........");
             $borrower{verification_token} = $verification_token;

diff --git a/t/db_dependent/Koha_borrower_modifications.t b/t/db_dependent/Koha_borrower_modifications.t
index fb24495..80eb6e2 100755 (executable)
--- a/t/db_dependent/Koha_borrower_modifications.t
+++ b/t/db_dependent/Koha_borrower_modifications.t
@@ -1,10 +1,12 @@
 #!/usr/bin/perl
 
 use Modern::Perl;
-use Test::More tests => 8;
+use Test::More tests => 9;
+use Try::Tiny;
 
-use C4::Context;
 use t::lib::TestBuilder;
+
+use C4::Context;
 use C4::Members;
 
 BEGIN {
@@ -27,6 +29,20 @@ Koha::Patron::Modification->new(
     }
 )->store();
 
+## Ensure duplicate verification tokens cannot be added to the database
+try {
+    Koha::Patron::Modification->new(
+        {
+            verification_token => '1234567890',
+            surname            => 'Hall',
+            firstname          => 'Daria'
+        }
+    )->store();
+} catch {
+    ok( $_->isa('Koha::Exceptions::Koha::Patron::Modification::DuplicateVerificationToken'),
+        'Attempting to add a duplicate verification token to the database should raise a Koha::Exceptions::Koha::Patron::Modification::DuplicateVerificationToken exception' );
+};
+
 ## Get the new pending modification
 my $borrower =
   Koha::Patron::Modifications->find( { verification_token => '1234567890' } );